5.6 million Ascension Health patient data stolen

Ascension Health is a non-profit organisation that operates 140 hospitals and 40 nursing homes in 19 US states and receives 16 million medical visits a year. The organisation confirmed in a statement on 19 December that it suffered a cybersecurity incident in May, in which the records of 5.6 million patients were stolen.

On 8 May, the organisation suffered a ransomware attack, which made it difficult or impossible to access IT systems, forcing its hospitals to use pen and paper for administration, cancel non-urgent services, and even experienced problems with ambulance routes and delays in obtaining test results.

Although the incident was mitigated in the weeks that followed, it was not until December that the organisation admitted to the data breach, which included government identification, personal data, medical data, and insurance data.

The FBI and CISA have urged other organisations and hospitals to increase security due to the spate of attacks the US healthcare system is experiencing. Although not yet confirmed, threat actor Black Basta is believed to be responsible for the cyberattack.